Windows Vista Tips

Windows Vista Tips > Newsgroups > Windows Server > DNS Server > Ping domain.com inside network should resolve what?

Reply
Thread Tools Display Modes

Ping domain.com inside network should resolve what?

 
 
David Lewis
Guest
Posts: n/a

 
      08-10-2004
If I ping our internal domain name domain.com sometimes I get the ip address of our old 2000 DC and sometimes I get a
completely different ip address. I have retired the old DC and have upgraded to 2003. I am thinking that if I ping our
domain name internally I should get the ip address of the 2003 DC? Is that correct? Where in MS DNS do I say what the
ip address of the domain is? On the same note if I ping www.domain.com or ftp.domain.com I get an error of unknown
host. The web sites resolve externally, but not internally. So it looks like I have some DNS tweaking to do?
 
Reply With Quote
 
 
 
 
Ace Fekay [MVP]
Guest
Posts: n/a

 
      08-10-2004
In news:,
David Lewis <*@*.*> made a post then I commented below
> If I ping our internal domain name domain.com sometimes I get the ip
> address of our old 2000 DC and sometimes I get a completely different
> ip address. I have retired the old DC and have upgraded to 2003. I
> am thinking that if I ping our domain name internally I should get
> the ip address of the 2003 DC? Is that correct? Where in MS DNS do
> I say what the ip address of the domain is? On the same note if I
> ping www.domain.com or ftp.domain.com I get an error of unknown host.
> The web sites resolve externally, but not internally. So it looks
> like I have some DNS tweaking to do?


If you look under your zone, the LdapIpAddress is what is being resolved
when you ping domain.com. It looks like:

(same as parent) A IpAddress

Each DC registers this record. GPOs and DFS both use this record. Delete the
old record. Curious, when you removed the 'old' DC, did you properly demote
it?

As for www, then it's telling me your internal AD domain name is the same as
your external name. To resolve the external names, manually create your www
and ftp and whatever other records you need, and provide the actual external
IP address.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================


 
Reply With Quote
 
 
 
 
David Lewis
Guest
Posts: n/a

 
      08-10-2004
thankx

Do I set up a new host, alias or mail exchanger?

I resolved the first issue, but I don't understand what a LdapIpAddress is? I didn't see anything that was named
LdapIpAddress.

As far as demote, yes I transfered all the MSFO operations and I used the dcpromo on the old DC to demote it.

"Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com>
|>In news:,
|>David Lewis <*@*.*> made a post then I commented below
|>> If I ping our internal domain name domain.com sometimes I get the ip
|>> address of our old 2000 DC and sometimes I get a completely different
|>> ip address. I have retired the old DC and have upgraded to 2003. I
|>> am thinking that if I ping our domain name internally I should get
|>> the ip address of the 2003 DC? Is that correct? Where in MS DNS do
|>> I say what the ip address of the domain is? On the same note if I
|>> ping www.domain.com or ftp.domain.com I get an error of unknown host.
|>> The web sites resolve externally, but not internally. So it looks
|>> like I have some DNS tweaking to do?
|>
|>If you look under your zone, the LdapIpAddress is what is being resolved
|>when you ping domain.com. It looks like:
|>
|>(same as parent) A IpAddress
|>
|>Each DC registers this record. GPOs and DFS both use this record. Delete the
|>old record. Curious, when you removed the 'old' DC, did you properly demote
|>it?
|>
|>As for www, then it's telling me your internal AD domain name is the same as
|>your external name. To resolve the external names, manually create your www
|>and ftp and whatever other records you need, and provide the actual external
|>IP address.
|>
|>--
|>Regards,
|>Ace
|>
|>Please direct all replies ONLY to the Microsoft public newsgroups
|>so all can benefit.
|>
|>This posting is provided "AS-IS" with no warranties or guarantees
|>and confers no rights.
|>
|>Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
|>Microsoft Windows MVP - Windows Server - Directory Services
|>
|>Security Is Like An Onion, It Has Layers
|>HAM AND EGGS: A day's work for a chicken;
|>A lifetime commitment for a pig.

 
Reply With Quote
 
David Lewis
Guest
Posts: n/a

 
      08-10-2004
That would be fun if I knew how to do it. Thankx for the helpful suggestions on how to solve my problem :P

How would you prefer me to refer to my domain? I don't feel like posting my real domain name to a public news group.


Jonathan de Boyne Pollard <>
|>DL> If I ping our internal domain name domain.com [...]
|>
|>Does DomainBank know that you have hijacked its domain name for your own
|>use ?
|>
|><URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dont-obscure-your-dns-data.html>
|>
|>DL> sometimes I get the ip address of our old 2000 DC
|>
|><URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-ms-dcs-overwrite-domain-name.html>
|>
|>DL> if I ping www.domain.com or ftp.domain.com I get an error of unknown
|>host.
|>
|>This is a side-effect of your hijacking DomainBank's domain name for
|>your own use.
|>
|><URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon-common-server-names.html>

 
Reply With Quote
 
Joshua M. Gillette
Guest
Posts: n/a

 
      08-11-2004
Try flushing you dns cache with ipconfig /flushdns

Do you actually have computers named www and ftp?
if not you will have to setup CNAME records to point to
the appropriate servers to ping them in that fashion.
>-----Original Message-----
>If I ping our internal domain name domain.com sometimes I

get the ip address of our old 2000 DC and sometimes I get a
>completely different ip address. I have retired the old

DC and have upgraded to 2003. I am thinking that if I
ping our
>domain name internally I should get the ip address of the

2003 DC? Is that correct? Where in MS DNS do I say what
the
>ip address of the domain is? On the same note if I ping

www.domain.com or ftp.domain.com I get an error of unknown
>host. The web sites resolve externally, but not

internally. So it looks like I have some DNS tweaking to
do?
>.
>

 
Reply With Quote
 
Ace Fekay [MVP]
Guest
Posts: n/a

 
      08-11-2004
In news:,
David Lewis <*@*.*> made a post then I commented below
> thankx
>
> Do I set up a new host, alias or mail exchanger?
>
> I resolved the first issue, but I don't understand what a
> LdapIpAddress is? I didn't see anything that was named LdapIpAddress.
>
> As far as demote, yes I transfered all the MSFO operations and I used
> the dcpromo on the old DC to demote it.
>


Just setup A records. No aliases needed. No MX required either. MX records
are used by mail servers to find the mail machine on a given domain name.

The LdapIpAddress is the blank host name A record for the domain. You will
see one registered for each DC. Its an IP address for the domain that has no
hostname. AD uses that record. Don't mess with it. You will not see that
name in DNS. It does not have a name called LdapIpAddress. I was just trying
to point out that is what the engineers call that record. It what GPOs use.
Here's what the client machine uses to get a GPO:

\\domain.com\sysvol\domain.com\policies\{LongPolic yGuidNumberHere}

See the \\domain.com part of it? That is querying for that LdapIpAddress
record.

You can also call it the Blank Domain FQDN if you like, or the Blank Host
Name for the Domain if you like, but you won't see that name in DNS
anywhere.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================


 
Reply With Quote
 
Ace Fekay [MVP]
Guest
Posts: n/a

 
      08-11-2004
In news:,
David Lewis <*@*.*> made a post then I commented below
> thankx
>
> Do I set up a new host, alias or mail exchanger?
>
> I resolved the first issue, but I don't understand what a
> LdapIpAddress is? I didn't see anything that was named LdapIpAddress.
>
> As far as demote, yes I transfered all the MSFO operations and I used
> the dcpromo on the old DC to demote it.
>


Just to add, if the old the one you removed) DC's IP address shows up
anywhere in DNS, whether as an LdapIpAddress, or a hostname, or a GC record
(under the _msdcs.gc folder), you need to manually delete it. Look for it.

Ace


 
Reply With Quote
 
David Lewis
Guest
Posts: n/a

 
      08-11-2004
I did and it seems that we are having better network performance now
thankx

"Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com>
|>Just to add, if the old the one you removed) DC's IP address shows up
|>anywhere in DNS, whether as an LdapIpAddress, or a hostname, or a GC record
|>(under the _msdcs.gc folder), you need to manually delete it. Look for it.

 
Reply With Quote
 
David Lewis
Guest
Posts: n/a

 
      08-11-2004
geeze, you made the comment about domain.com, I was just responding to your joke.

I didn't make the decision to use the same domain name internally and externally.
I'm just coming into an existing network and trying to clean it up.

I read the pages, I didn't say I didn't? Whats the deal, I just responded to your joke?

Jonathan de Boyne Pollard <>
|>DL> Thankx for the helpful suggestions on how to solve my problem :P
|>
|>Read the web pages that you were pointed to. I didn't include their
|>URLs merely as decoration. You've been led to water. Don't blame
|>others if you remain thirsty because you don't bother to drink.
|>
|>DL> How would you prefer me to refer to my domain? I don't feel like
|>DL> posting my real domain name to a public news group.
|>
|>Then you don't understand the nature of what you are doing. Read the
|>web pages that you were pointed to. I didn't include their URLs merely
|>as decoration.

 
Reply With Quote
 
Kevin D. Goodknecht Sr. [MVP]
Guest
Posts: n/a

 
      08-11-2004
In news:,
David Lewis <*@*.*> wrote their comments
Then Kevin replied below:
> geeze, you made the comment about domain.com, I was just
> responding to your joke.
>
> I read the pages, I didn't say I didn't? Whats the deal,
> I just responded to your joke?


Did he say he was joking? :-)




--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
================================================
--
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
================================================
http://www.lonestaramerica.com/
================================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
================================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
================================================


 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Trying to ping inside network 2003 Server Ras JH Server Networking 1 07-06-2007 10:40 PM
Can resolve DNS, can ping IP, but can't ping by DNS?? Bryan L Server Networking 14 01-22-2007 10:21 PM
Resolve items.. Resolve items.. Resolve items.. YES?! CJSnet ActiveSync 2 12-19-2005 06:48 PM
Can't resolve Public IP's inside the network Robert Cohen DNS Server 1 02-03-2005 03:21 PM
Network problem - VPC can resolve names but can't ping Blondie Wong Virtual PC 0 03-02-2004 12:47 PM